CN113612603B - Unauthorized strong assignment verifier signcryption method - Google Patents
- Publication number: CN113612603B (application CN202110855850.XA)
- Authority: CN (China)
- Prior art keywords: signcryption, verifier, appointed, signer, private key
- Legal status: Active (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0861—Generation of secret information including derivation or calculation of cryptographic keys or passwords
- H04L9/0863—Generation of secret information including derivation or calculation of cryptographic keys or passwords involving passwords or one-time passwords
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0861—Generation of secret information including derivation or calculation of cryptographic keys or passwords
- H04L9/0869—Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/30—Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3226—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computing Systems (AREA)
- Theoretical Computer Science (AREA)
- Storage Device Security (AREA)
Abstract
The invention relates to an unauthorized strong designated verifier signcryption method comprising the following key stages: the system initialization stage builds and publishes the required public system parameters; the public and private key establishment stage establishes a public and private key pair for the signer and for the designated verifier; the signcryption generation stage uses random parameters, exclusive OR and hashing, and creates a signcryption for a given message through an algorithm (steps) designed so that the designated verifier can perform the equivalent operations; in the decryption stage, the designated verifier decrypts and verifies a given signcryption through reverse exclusive OR and hash verification; in the signcryption copy production stage, the designated verifier uses random parameters and the counterpart of the algorithm (steps) from the signcryption generation stage to simulate a signcryption copy with its own private key. The designated verifier signcryption method realized by the invention resists authorization attacks, has the non-transferable and strong designated verifier properties, and is more efficient.
Description
Technical Field
The invention relates to a signcryption method, in particular to an unauthorized strong designated verifier signcryption method with higher efficiency and better security.
Background
Signcryption is a cryptographic primitive that combines encryption and signature in public key cryptography. It performs encryption and signing in one logical step, reduces the total computation and communication cost of encrypting and signing a message compared with the traditional "sign-then-encrypt" approach, and achieves the same effect as "sign-then-encrypt", namely confidentiality, integrity, authenticity and non-repudiation. These properties have led to signcryption being widely used in many fields. However, conventional signcryption does not have the designated verifier property, that is, the guarantee that the signcryption can be decrypted and verified only by a designated person. For example, in an electronic bidding system a bidder wants the submitted electronic bid document to be viewable and verifiable only by the designated person responsible for the tender, so that the content of the bid is protected. Designated verifier signcryption can accomplish this.
There are many designated verifier signcryption methods, but a common problem is that they lack the unauthorized (non-delegatable) property, that is, they are vulnerable to authorization attacks, in which the signer or the designated verifier delegates the signcryption or verification capability to a third party without revealing their own private key. There are other problems as well: some lack the "strong" designated verifier property (the validity of the signcryption can be verified only with the private key of the designated verifier); some lack the "non-transferable" property (the designated verifier can use his own private key to create a signcryption copy indistinguishable from one created by the signer); and some are inefficient (computationally complex, requiring a large number of computations). These drawbacks greatly limit the wide application of designated verifier signcryption.
Disclosure of Invention
In view of the above, a main object of the present invention is to provide an unauthorized strong designated verifier signcryption method with higher efficiency and better security.
The invention solves the technical problem through the following technical solution: an unauthorized strong designated verifier signcryption method comprising the following steps:
(1) System initialization stage: the system generates the required public parameters param = $\{p, q, g, H\}$ and publishes them;
(2) Public and private key establishment stage: the public and private key pairs $(y_a, x_a)$ and $(y_b, x_b)$ of the signer and the designated verifier are established using the public parameters param;
(3) Signcryption generation stage: the signcryption $\delta_0$ of a message $m_0$ is generated using the signer's private key and the public key of the designated verifier;
(4) Decryption stage: for the signcryption $\delta_0$ on message $m_0$, the designated verifier uses the public key of the signer and its own private key to decrypt the plaintext $m_0$ and to verify whether the signcryption $\delta_0$ is valid; if it is valid the signcryption is accepted, otherwise it is rejected;
(5) Signcryption copy production stage: for message $m_0$, the designated verifier simulates and generates a signcryption copy $\delta'_0$ with its own private key and the public key of the signer.
In a specific embodiment of the present invention, the signcryption generation stage includes the following steps:
(1) The signer randomly selects three integers $r_0, \alpha_0, \beta_0$ from $Z_q$;
(2) Signer calculations 0 $= r_0 + x_a R_0 \pmod q$, $l_0 = H(R_0, K_0, U_0)$, $x_0 = l_0 - \beta_0 \pmod q$, $y_0 = r_0 + x_0 x_a \pmod q$;
(3) The signer splits $U_0$ bitwise into equal left and right parts $l_1$ and $l_2$ (if the bit length of $U_0$ is odd, the right part is one bit longer than the left);
(4) The signer calculates $t_0 = H(m_0, l_1)$. The final signcryption $\delta_0$ consists of six parameters, namely $\delta_0 = (x_0, y_0, \alpha_0, \beta_0, t_0, D_0)$.
In a specific embodiment of the present invention, the decryption stage includes the following steps:
(1) The designated verifier calculates
(2) The designated verifier checks whether the equation $x_0 + \beta_0 = H(R_0, K_0, U_0)$ holds; if not, the signcryption is rejected; if so, $U_0$ is split as before into left and right parts $l_1$ and $l_2$, and the verifier then calculates the plaintext
(3) The designated verifier checks whether the equation $t_0 = H(m_0, l_1)$ holds; if not, the signcryption is rejected; if so, the signcryption is accepted.
In a specific embodiment of the present invention, the signcryption copy production stage includes the following steps:
(1) The designated verifier randomly selects three integers $x_0, y_0, k_0 \in Z_q$;
(2) The designated verifier calculates $l_0 = H(R_0, K_0, U_0)$, $\beta_0 = l_0 - x_0 \pmod q$, $\alpha_0 = k_0 + \beta_0 x_b \pmod q$;
(3) The designated verifier splits $l_0$ as before into left and right parts $l_1$ and $l_2$, then calculates $t_0 = H(m_0, l_1)$. The final signcryption copy $\delta'_0$ consists of six parameters, namely $\delta'_0 = (x_0, y_0, \alpha_0, \beta_0, t_0, D_0)$.
The beneficial effects of the invention are as follows. The unauthorized strong designated verifier signcryption method provided by the invention has the following advantages:
1. Unauthorized property: the invention adds two random parameters, $\alpha_0$ and $\beta_0$, in the signcryption generation stage and designs an algorithm (steps) in which the designated verifier can perform the equivalent operations, so that the resulting signcryption has the unauthorized property. Therefore, an attacker who does not know the private key of the signer or of the designated verifier cannot forge a signcryption no matter what other knowledge is obtained, which prevents authorization attacks and further improves security.
2. Non-transferable property: the signcryption copy production stage uses random parameters $x_0$ and $y_0$ equivalent to those of the signcryption generation stage, enabling the designated verifier to simulate the generation of a signcryption copy using its own private key. Because the signcryption copy and the original signcryption are indistinguishable, no one other than the signer and the designated verifier can tell who actually produced the signcryption, which protects the privacy of the signer.
3. Strong designated verifier property: in the decryption stage, the private key of the designated verifier and the reverse exclusive OR are used to decrypt the signcryption and then verify it. Therefore, no one else can decrypt and verify the signcryption even after intercepting it, which further improves the security of the transmitted information.
4. The invention uses exclusive OR to encrypt (decrypt) and obtain the ciphertext (plaintext), and uses the hash $t_0 = H(m_0, l_1)$ for verification. This avoids the complex process of building a signcryption by directly stacking encryption and signature, so the computational efficiency is higher than that of other existing signcryption methods.
Drawings
Fig. 1 is a schematic diagram of the overall structure of the present invention.
Detailed Description
The following description of the preferred embodiments of the present invention is given with reference to the accompanying drawings, so as to explain the technical scheme of the present invention in detail.
Fig. 1 is a schematic diagram of the overall structure of the present invention. As shown in Fig. 1, the specific implementation steps of the unauthorized strong designated verifier signcryption method provided by the present invention are as follows:
Step 1, system initialization stage: according to the system security requirements, select two large primes $p, q \in N$ such that $q$ is a prime factor of $p-1$, and a hash function $H: \{0,1\}^* \to Z_p$. Then publish the system parameters param = $\{p, q, g, H\}$, where $g$ is $Z_p$ and $N$ is the set of natural numbers.
Step 2, public and private key establishment stage: the signer and the designated verifier randomly select integers $x_a \in Z_q$ and $x_b \in Z_q$ respectively, then respectively calculate the public keys $y_a$ and $y_b$. The established public and private key pairs are $(y_a, x_a)$ and $(y_b, x_b)$;
Step 3, signcryption generation stage: when a user submits a message $m_0$ that requires signcryption, the signer uses the system parameters param, its own private key $x_a$ and the public key $y_b$ of the designated verifier Bob to generate the signcryption $\delta_0$ of message $m_0$ as follows:
Step 3.1. The signer randomly selects three integers $r_0, \alpha_0, \beta_0$ from $Z_q$;
Step 3.2 signer computations 0 $= r_0 + x_a R_0 \pmod q$, $l_0 = H(R_0, K_0, U_0)$, $x_0 = l_0 - \beta_0 \pmod q$, $y_0 = r_0 + x_0 x_a \pmod q$;
Step 3.3. The signer splits $U_0$ bitwise into equal left and right parts $l_1$ and $l_2$ (if the bit length of $U_0$ is odd, the right part is one bit longer than the left);
Step 3.4. The signer calculates $t_0 = H(m_0, l_1)$. The final generated signcryption $\delta_0$ consists of six parameters, namely $\delta_0 = (x_0, y_0, \alpha_0, \beta_0, t_0, D_0)$.
Step 4, decryption stage: for the signcryption $\delta_0 = (x_0, y_0, \alpha_0, \beta_0, t_0, D_0)$ on message $m_0$, the designated verifier Bob uses the system parameters param, the signer's public key $y_a$ and the designated verifier's private key $x_b$ to decrypt and verify through the following steps:
Step 4.1. The designated verifier calculates
Step 4.2. The designated verifier checks whether the equation $x_0 + \beta_0 = H(R_0, K_0, U_0)$ holds. If not, the signcryption is rejected; if so, $U_0$ is split as before into left and right parts $l_1$ and $l_2$, and the verifier then calculates (decrypts) the plaintext
Step 4.3. The designated verifier checks whether the equation $t_0 = H(m_0, l_1)$ holds. If not, the signcryption is rejected; if so, the signcryption is accepted.
Step 5, signcryption copy production stage: for a given message $m_0$, the designated verifier uses the system parameters param, its own private key $x_b$ and the signer's public key $y_a$ to simulate and generate a signcryption copy $\delta'_0$ as follows:
Step 5.1. The designated verifier randomly selects three integers $x_0, y_0, k_0 \in Z_q$;
Step 5.2. The designated verifier calculates $l_0 = H(R_0, K_0, U_0)$, $\beta_0 = l_0 - x_0 \pmod q$, $\alpha_0 = k_0 + \beta_0 x_b \pmod q$;
Step 5.3. The designated verifier splits $l_0$ as before into left and right parts $l_1$ and $l_2$, then calculates $t_0 = H(m_0, l_1)$. The final signcryption copy $\delta'_0$ consists of six parameters, namely $\delta'_0 = (x_0, y_0, \alpha_0, \beta_0, t_0, D_0)$. The generated signcryption copy can be decrypted and verified through Step 4.
The invention adds two random parameters, $\alpha_0$ and $\beta_0$, in the signcryption generation stage and designs an algorithm (steps) in which the designated verifier can perform the equivalent operations, so that the resulting signcryption has the unauthorized property. Therefore, an attacker who does not know the private key of the signer or of the designated verifier cannot forge a signcryption no matter what other knowledge is obtained, which prevents authorization attacks and further improves security.
The signcryption copy production stage of the invention uses random parameters $x_0$ and $y_0$ equivalent to those of the signcryption generation stage, enabling the designated verifier to simulate the generation of a signcryption copy using its own private key. Because the signcryption copy and the original signcryption are indistinguishable, no one other than the signer and the designated verifier can tell who actually produced the signcryption, which protects the privacy of the signer.
In the decryption stage, the private key of the designated verifier and the reverse exclusive OR are used to decrypt the signcryption and then verify it. Therefore, no one else can decrypt and verify the signcryption even after intercepting it, which further improves the security of the transmitted information.
The invention uses exclusive OR to encrypt (decrypt) and obtain the ciphertext (plaintext), and uses the hash $t_0 = H(m_0, l_1)$ for verification. This avoids the complex process of building a signcryption by directly stacking encryption and signature, so the computational efficiency is higher than that of other existing signcryption methods.
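The split, exclusive-OR and hash steps (Steps 3.3, 3.4, 4.2 and 4.3) can be exercised on their own; the following is an added sketch, not code from the patent. It assumes that $D_0$ is $m_0$ XORed with $l_2$ (the formula for $D_0$ is not legible on this page), uses SHA-256 as a stand-in for $H$, takes $U_0$ as a constructed fixed-width value because its derivation is not reproduced here, and all function names are hypothetical.

```python
import hashlib
import hmac
from typing import Optional, Tuple


def split_bits(u0: int, nbits: int) -> Tuple[str, str]:
    """Split the nbits-wide encoding of U_0 into l_1 (left) and l_2 (right).

    For an odd width the right part is one bit longer, as the page specifies.
    Assumption: U_0 is encoded at a fixed, agreed width (leading zeros kept).
    """
    if nbits < 2 or not 0 <= u0 < (1 << nbits):
        raise ValueError("U_0 does not fit the declared width")
    bits = format(u0, "0{}b".format(nbits))
    return bits[: nbits // 2], bits[nbits // 2:]


def int_bytes(n: int) -> bytes:
    """Minimal big-endian encoding of a non-negative integer."""
    return n.to_bytes(max(1, (n.bit_length() + 7) // 8), "big")


def H(*fields: bytes) -> bytes:
    """Stand-in for the page's hash H (assumption: SHA-256).

    Each field is length-prefixed so (m_0, l_1) cannot be re-split into a
    different pair that hashes to the same value.
    """
    h = hashlib.sha256()
    for field in fields:
        h.update(len(field).to_bytes(4, "big") + field)
    return h.digest()


def seal(m0: int, u0: int, nbits: int) -> Tuple[bytes, int]:
    """Signer side: return (t_0, D_0) for message m_0."""
    l1, l2 = split_bits(u0, nbits)
    if m0 < 0 or m0.bit_length() > len(l2):
        # An XOR mask cannot hide a message longer than the mask itself.
        raise ValueError("message is longer than l_2")
    d0 = m0 ^ int(l2, 2)                  # assumed: D_0 = m_0 XOR l_2
    t0 = H(int_bytes(m0), l1.encode())    # page: t_0 = H(m_0, l_1)
    return t0, d0


def open_sealed(t0: bytes, d0: int, u0: int, nbits: int) -> Optional[int]:
    """Verifier side: recover m_0 and check t_0; None means reject."""
    l1, l2 = split_bits(u0, nbits)
    if d0 < 0 or d0.bit_length() > len(l2):
        return None
    m0 = d0 ^ int(l2, 2)                  # reverse exclusive OR
    expected = H(int_bytes(m0), l1.encode())
    # Constant-time comparison of the hash tag.
    return m0 if hmac.compare_digest(t0, expected) else None


# Constructed sample values (not from the patent): a 255-bit U_0, so the
# odd-width rule applies (l_1 has 127 bits, l_2 has 128 bits).
U0_BITS = 255
U0 = int.from_bytes(hashlib.sha256(b"constructed U_0").digest(), "big") >> 1
M0 = int.from_bytes(b"bid: 4200", "big")

if __name__ == "__main__":
    t0, d0 = seal(M0, U0, U0_BITS)
    print(open_sealed(t0, d0, U0, U0_BITS) == M0)   # valid pair is accepted
    print(open_sealed(t0, d0 ^ 1, U0, U0_BITS))     # modified D_0 is rejected
```

Under this assumption the message can be at most as long as $l_2$, roughly half the bit length of $U_0$, which is why `seal` refuses longer inputs.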
The foregoing has shown and described the basic principles, main features and advantages of the present invention. It will be understood by those skilled in the art that the present invention is not limited to the foregoing embodiments; the embodiments and the description merely illustrate the principles of the invention, and various changes and modifications may be made without departing from the spirit and scope of the invention as defined in the appended claims and their equivalents.
Claims (1)
1. An unauthorized strong designated verifier signcryption method, characterized in that the method comprises the following steps:
(1) System initialization stage: the system generates the required public parameters param = $\{p, q, g, H\}$ and publishes them;
(2) Public and private key establishment stage: the public and private key pairs $(y_a, x_a)$ and $(y_b, x_b)$ of the signer and the designated verifier are established using the public parameters param;
(3) Signcryption generation stage: the signcryption $\delta_0$ of a message $m_0$ is generated using the signer's private key and the public key of the designated verifier;
(4) Decryption stage: for the signcryption $\delta_0$ on message $m_0$, the designated verifier uses the public key of the signer and its own private key to decrypt the plaintext $m_0$ and to verify whether the signcryption $\delta_0$ is valid; if it is valid the signcryption is accepted, otherwise it is rejected;
(5) Signcryption copy production stage: for message $m_0$, the designated verifier simulates and generates a signcryption copy $\delta'_0$ with its own private key and the public key of the signer;
The signcryption generation stage comprises the following steps:
(1) The signer randomly selects three integers $r_0, \alpha_0, \beta_0$ from $Z_q$;
(2) Signer calculations 0 $= r_0 + x_a R_0 \pmod q$, $l_0 = H(R_0, K_0, U_0)$, $x_0 = l_0 - \beta_0 \pmod q$, $y_0 = r_0 + x_0 x_a \pmod q$;
(3) The signer splits $U_0$ bitwise into equal left and right parts $l_1$ and $l_2$; if the bit length of $U_0$ is odd, the right part is one bit longer than the left part;
(4) The signer calculates $t_0 = H(m_0, l_1)$; the final signcryption $\delta_0$ consists of six parameters, namely $\delta_0 = (x_0, y_0, \alpha_0, \beta_0, t_0, D_0)$;
The decryption stage comprises the following steps:
(1) The designated verifier calculates
(2) The designated verifier checks whether the equation $x_0 + \beta_0 = H(R_0', K_0', U_0')$ holds; if not, the signcryption is rejected; if so, $U_0$ is split as before into left and right parts $l_1'$ and $l_2'$, and the verifier then calculates the plaintext
(3) The designated verifier checks whether the equation $t_0 = H(m_0', l_1')$ holds; if not, the signcryption is rejected; if so, the signcryption is accepted;
The signcryption copy production stage comprises the following steps:
(1) The designated verifier randomly selects three integers $x_0', y_0', k_0' \in Z_q$;
(2) The designated verifier calculates $\beta_0' = l_0' - x_0' \pmod q$, $\alpha_0' = k_0' + \beta_0' x_b \pmod q$;
(3) The designated verifier splits $l_0'$ as before into left and right parts $l_1''$ and $l_2''$, then calculates $t_0' = H(m_0, l_1'')$; the final signcryption copy $\delta'_0$ consists of six parameters, namely $\delta'_0 = (x_0', y_0', \alpha_0', \beta_0', t_0', D_0')$.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202110855850.XA CN113612603B (en) | 2021-07-28 | 2021-07-28 | Unauthorized strong assignment verifier signcryption method |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202110855850.XA CN113612603B (en) | 2021-07-28 | 2021-07-28 | Unauthorized strong assignment verifier signcryption method |
Publications (2)
Publication Number | Publication Date |
---|---|
CN113612603A CN113612603A (en) | 2021-11-05 |
CN113612603B true CN113612603B (en) | 2023-10-27 |
Family
ID=78305777
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202110855850.XA Active CN113612603B (en) | 2021-07-28 | 2021-07-28 | Unauthorized strong assignment verifier signcryption method |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN113612603B (en) |
Also Published As
Publication number | Publication date |
---|---|
CN113612603A (en) | 2021-11-05 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||